Learn about Centmin Mod LEMP Stack today
Register Now

CSF Discuss Maxmind GeoLite2 Free Database Download Changes

Discussion in 'Other Centmin Mod Installed software' started by eva2000, Jan 3, 2020.

  1. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    7:10 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    This thread is dedicated to Maxmind's GeoLite2 free database changes outlined at https://community.centminmod.com/th...eolite2-free-database-download-changes.18959/

    Update:

    CSF Firewall v14.00 Country Code Changes


    Looks like CSF Firewall v14.00 was released to switch away from using Maxmind's GeoLite2 database for Country code lookups for new CSF Firewall installs while older CSF Firewall installs continue to use Maxmind's GeoLite2 databases.
    from /etc/csf/csf.conf for existing CSF Firewall installs you can see CC_SRC = "1" set to use Maxmind GeoLite2 database instead of CC_SRC = "2" for new CSF Firewall installs for using different source databases via db-ip etc.
    Code (Text):
    # Set the following to your preferred source:
    #
    # "1" - MaxMind
    # "2" - db-ip, ipverse, iptoasn
    #
    # The default is "2" on new installations of csf, or set to "1" to use the
    # MaxMind databases after obtaining a license key
    CC_SRC = "1"
    

    So for Centmin Mod 123.09beta01 fresh installs after January 9th, 2020 you should be using CC_SRC = "2" for db-ip Country database and not require signing up for Maxmind account and not requiring to set up MM_LICENSE_KEY in /etc/csf/csf.conf.
    However, if you use and enable Centmin Mod Nginx's optional ngx_http_geoip2_module which is disabled by default as outlined in the How to enable GeoIP 2 Lite Nginx Module Support, then you still will need to set MM_LICENSE_KEY in persistent config file at /etc/centminmod/custom_config.inc with your manually obtained and generated Maxmind account's token API key via https://www.maxmind.com/en/geolite2/signup and generate the token API in Services > My License Key section of your Maxmind account or via link at https://www.maxmind.com/en/accounts/current/license-key and then run centmin.sh menu once and then exit.
     
  2. Andy

    Andy Active Member

    456
    73
    28
    Aug 6, 2014
    Ratings:
    +101
    Local Time:
    4:10 AM
    I see a Dec 27th date
    ls -lAh /var/lib/csf/Geo/
    -rw------- 1 root root 55 Dec 27 10:00 COPYRIGHT.txt
    -rw------- 1 root root 13M Dec 27 10:00 GeoLite2-Country-Blocks-IPv4.csv
    -rw------- 1 root root 3.8M Dec 27 10:00 GeoLite2-Country-Blocks-IPv6.csv
    -rw------- 1 root root 9.7K Dec 27 10:00 GeoLite2-Country-Locations-en.csv
    -rw------- 1 root root 433 Dec 27 10:00 LICENSE.txt
    -rw------- 1 root root 116 Dec 27 10:00 README.txt
     
  3. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    7:10 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yeah it's relative to when you installed Centmin Mod for CSF Firewall's database as by default CC_INTERVAL is set to update GeoLite2 database in CSF Firewall every 14 days. So roughly around Dec 23 time. So you'd expect an update 14 days from Dec 27th, 2019 if you updated Centmin Mod 123.09beta01 and have setup your own Maxmind API key in persistent config file at /etc/centminmod/custom_config.inc or if you use updated 123.09beta01's shared Maxmind API key which is the default once you update Centmin Mod 123.09beta01
     
  4. Jon Snow

    Jon Snow Active Member

    477
    70
    28
    Jun 30, 2017
    Ratings:
    +109
    Local Time:
    5:10 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    So once we update, we'll be required to create an account and get an api key?

    Should we create our own account or just use yours? Keeping privacy and our privacy policies in mind. What's the purpose of the account and what information does it store?
     
  5. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    7:10 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Not required but recommended to use your own maxmind account and api key instead of the shared one as maxmind account allows you query and track geolite2 database downloads including ip address of server, and the server's web host ASN details

    see Significant Changes to Accessing and Using GeoLite2 Databases | MaxMind Blog

    basically Maxmind requires a way to contact folks forward on 'Do Not Sell' requests for those who download their GeoLite2 databases due to CCPA law requirements

    Do Not Sell https://www.privacypolicies.com/blog/create-display-do-not-sell-my-personal-information-page/

    Within your Maxmind account there's a Do No Sell page which lists IPs that requested their data not be shared/sold
     
    Last edited: Jan 9, 2020
    • Like Like x 1
  6. Jon Snow

    Jon Snow Active Member

    477
    70
    28
    Jun 30, 2017
    Ratings:
    +109
    Local Time:
    5:10 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    Alright, I guess I'll make my own account then.
     
    • Like Like x 1
  7. eva2000

    eva2000 Administrator Staff Member

    43,132
    9,792
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,122
    Local Time:
    7:10 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    Yeah ideally you should.

    FYI, just checked the Centmin Mod maxmind shared API key download stats and it's currently peaking at 128 downloads per day ! :D
     
    • Like Like x 1
    • Informative Informative x 1